Summary



Overall Rating: A







Certificate uses SHA1. When renewing, ensure you upgrade to SHA256.

This server is not vulnerable to the POODLE attack because it doesn't support SSL 3.






Authentication 



Server Key and Certificate #1

Common names: *.elaborat.marcel.pl
Alternative names: *.elaborat.marcel.pl elaborat.marcel.pl
Prefix handling: Not required for subdomains
Valid from: Thu Feb 02 11:17:38 UTC 2012
Valid until: Mon Feb 02 11:17:38 UTC 2015 (expires in 3 months and 19 days)
Key: RSA 2048 bits
Weak key (Debian): No
Issuer: AlphaSSL CA - G2
Signature algorithm: SHA1withRSA WEAK
Extended Validation: No
Revocation information: CRL
Revocation status: Good (not revoked)
Trusted: Yes



Additional Certificates (if supplied)

Certificates provided: 2 (2254 bytes)
Chain issues: None

#2
Subject: AlphaSSL CA - G2
SHA1: 5824cf32c3cc2a47443db10a33bbe3ac8de524e1
Valid until: Wed Apr 13 10:00:00 UTC 2022 (expires in 7 years and 5 months)
Key: RSA 2048 bits
Issuer: GlobalSign Root CA
Signature algorithm: SHA1withRSA WEAK



Certification Paths

Path #1: Trusted

1 Sent by server
  *.elaborat.marcel.pl
  SHA1: 42fa800c41a8a7895f709ed9765f794940b68511
  RSA 2048 bits / SHA1withRSA
  WEAK SIGNATURE

2 Sent by server
  AlphaSSL CA - G2
  SHA1: 5824cf32c3cc2a47443db10a33bbe3ac8de524e1
  RSA 2048 bits / SHA1withRSA
  WEAK SIGNATURE

3 In trust store
  GlobalSign Root CA
  SHA1: b1bc968bd4f49d622aa89a81f2150152a41d829c
  RSA 2048 bits / SHA1withRSA
  Weak or insecure signature, but no impact on root certificates



Configuration 

Protocols

TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No



Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end) 

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits (p: 128, g: 1, Ys: 128) FS 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128



Handshake Simulation 

Android 2.3.7 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128



https://www.ssllabs.com/ssltest/analyze.html?d=kl732.elaborat.marcel.pl






16.10.2014 Qualys SSL Labs - Projects / SSL Server Test / kl732.elaborat.marcel.pl 



Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256
BingBot Dec 2013 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
BingPreview Jun 2014 TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
Chrome 37 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128
Firefox 24.2.0 ESR / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Firefox 32 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128
Googlebot Jun 2014 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
IE 6 / XP No FS 1 No SNI 2 Protocol or cipher suite mismatch Fail 3
IE 7 / Vista TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256
IE 8 / XP No FS 1 No SNI 2 Protocol or cipher suite mismatch Fail 3
IE 8-10 / Win 7 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256
IE 11 / Win 7 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128
IE 11 / Win 8.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256
IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256
IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128
Java 6u45 No SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) No FS 128
Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Java 8b132 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128
OpenSSL 0.9.8v TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
OpenSSL 1.0.1h TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256
Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Safari 6 / iOS 6.0.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256
Safari 7 / iOS 7.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256
Safari 8 / iOS 8.0 Beta R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256
Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) FS RC4 128
Safari 7 / OS X 10.9 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256
Yahoo Slurp Jun 2014 No SNI 2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256
YandexBot Sep 2014 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256













(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. 

(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.

(3) Only first connection attempt simulated. Browsers tend to retry with a lower protocol version. 
(R) Denotes a reference browser or client, with which we expect better effective security. 

(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). 




Protocol Details

Secure Renegotiation: Supported
Secure Client-Initiated Renegotiation: No
Insecure Client-Initiated Renegotiation: No
BEAST attack: Mitigated server-side TLS 1.0: 0xc011
POODLE attack: No, SSL 3 not supported
Downgrade attack prevention: No, TLS_FALLBACK_SCSV not supported
TLS compression: No
RC4: Yes (not with TLS 1.1 and newer)
Heartbeat (extension): Yes
Heartbleed (vulnerability): No
OpenSSL CCS vuln. (CVE-2014-0224): No
Forward Secrecy: With modern browsers
Next Protocol Negotiation: No
Session resumption (caching): Yes
Session resumption (tickets): Yes
OCSP stapling: No
Strict Transport Security (HSTS): No
Long handshake intolerance: No
TLS extension intolerance: No
TLS version intolerance: TLS 2.98
SSL 2 handshake compatibility: Yes


Miscellaneous

Test date: Thu Oct 16 06:42:47 UTC 2014
Test duration: 135.319 seconds
HTTP status code: 200
HTTP server signature: Apache
Server hostname: 62-89-107-243.static.ip.netia.com.pl
PCI compliant: Yes
FIPS-ready: No